Bypass CSP checks for plugin-loaded requests

Bypass CSP checks for plugin-loaded requests

A recent refactor of how CSP gets applied to requests accidentally
started applying object-src directives to subresources that are loaded
by plugins. This CL skips CSP checks for RequestContextPlugin.

BUG=603952
Committed: https://crrev.com/1055ddd2281c6d0ae450477968ceeb63f210a2fa
Cr-Commit-Position: refs/heads/master@{#388043}

[estark, 2016-04-15 17:22:09]

estark@chromium.org changed reviewers:
+ mkwst@chromium.org

[estark, 2016-04-15 17:22:10]

Mike, does this look right to you? CSP shouldn't be applied to requests that
plugins make, right?

[Mike West, 2016-04-18 20:34:42]

On 2016/04/15 at 17:22:10, estark wrote:
> Mike, does this look right to you? CSP shouldn't be applied to requests that
plugins make, right?

Wait, really? This is wunderbar! If we can make Flash respect the page's policy
without breaking the internet, we absolutely should. We couldn't before dropping
NPAPI, so I never thought to test it.

[Mike West, 2016-04-18 20:35:19]

Oh. Nuts. I see. We're applying `object-src` to everything. *sigh* I guess we
can't do that.

Sadly LGTM.

[estark, 2016-04-18 21:05:32]

On 2016/04/18 20:35:19, Mike West (slow until 25th) wrote:
> Oh. Nuts. I see. We're applying `object-src` to everything. *sigh* I guess we
> can't do that.
> 
> Sadly LGTM.

Yeah, I don't think we have enough context about the request to properly apply
CSP, though it would be wonderful if we did. :( Sorry and thanks

[estark, 2016-04-18 21:05:41]

The CQ bit was checked by estark@chromium.org

[commit-bot: I haz the power, 2016-04-18 21:06:10]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1894593003/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1894593003/1

[commit-bot: I haz the power, 2016-04-18 22:18:14]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-04-18 22:20:30]

Description was changed from

==========
Bypass CSP checks for plugin-loaded requests

A recent refactor of how CSP gets applied to requests accidentally
started applying object-src directives to subresources that are loaded
by plugins. This CL skips CSP checks for RequestContextPlugin.

BUG=603952
==========

to

==========
Bypass CSP checks for plugin-loaded requests

A recent refactor of how CSP gets applied to requests accidentally
started applying object-src directives to subresources that are loaded
by plugins. This CL skips CSP checks for RequestContextPlugin.

BUG=603952

Committed: https://crrev.com/1055ddd2281c6d0ae450477968ceeb63f210a2fa
Cr-Commit-Position: refs/heads/master@{#388043}
==========

[commit-bot: I haz the power, 2016-04-18 22:20:31]

Patchset 1 (id:??) landed as
https://crrev.com/1055ddd2281c6d0ae450477968ceeb63f210a2fa
Cr-Commit-Position: refs/heads/master@{#388043}